<?php
/******************************
 * EQdkp
 * Copyright 2002-2003
 * Licensed under the GNU GPL.  See COPYING for full terms.
 * ------------------
 * register.php
 * Began: Sat January 4 2003
 * 
 * $Id: register.php 541 2008-05-20 06:56:16Z rspeicher $
 * 
 ******************************/
 
define('EQDKP_INC', true);
$eqdkp_root_path = './';
include_once($eqdkp_root_path . 'common.php');

$fv = new Form_Validate;

// Start session management
$user->start();
$user->setup();

if ( $user->data['user_id'] != ANONYMOUS )
{
    header('Location: settings.php'.$SID);
}

// Build the URL
$script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($eqdkp->config['server_path']));
$script_name = ( $script_name != '' ) ? $script_name . '/register.php' : 'register.php';
$server_name = trim($eqdkp->config['server_name']);
$server_port = ( $eqdkp->config['server_port'] != 80 ) ? ':' . trim($eqdkp->config['server_port']) . '/' : '/';
$server_url = 'http://' . $server_name . $server_port . $script_name;

$mode = ( isset($_GET['mode']) ) ? $_GET['mode'] : false;
$submit = ( isset($_POST['submit']) ) ? true : false;

// Data to be put into the form
// If it's not set in _POST, we get it from config defaults
$data = array(
    'username' => post_or_db('username', false),
    'user_email' => post_or_db('user_email', false),
    'user_alimit' => post_or_db('user_alimit', true, $eqdkp->config, 'default_alimit'),
    'user_elimit' => post_or_db('user_elimit', true, $eqdkp->config, 'default_elimit'),
    'user_ilimit' => post_or_db('user_ilimit', true, $eqdkp->config, 'default_ilimit'),
    'user_nlimit' => post_or_db('user_nlimit', true, $eqdkp->config, 'default_nlimit'),
    'user_rlimit' => post_or_db('user_rlimit', true, $eqdkp->config, 'default_rlimit'),
    'user_lang' => post_or_db('user_lang', true, $eqdkp->config, 'default_lang'),
    'user_style' => post_or_db('user_style', true, $eqdkp->config, 'default_style')
);

if ( $submit )
{
    $_POST = htmlspecialchars_array($_POST);
    
    $action = 'register';
    
    // Error-check the form
    $sql = 'SELECT user_id
            FROM ' . USERS_TABLE . "
            WHERE username='".$_POST['username']."'";
    if ( $db->num_rows($db->query($sql)) > 0 )
    {
        $fv->errors['username'] = $user->lang['fv_already_registered_username'];
    }
    
    $sql = 'SELECT user_id
            FROM ' . USERS_TABLE . "
            WHERE user_email='".$_POST['user_email']."'";
    if ( $db->num_rows($db->query($sql)) > 0 )
    {
        $fv->errors['user_email'] = $user->lang['fv_already_registered_email'];
    }
    
    $fv->matching_passwords('user_password1', 'user_password2', $user->lang['fv_match_password']);
    
    $fv->is_number(array(
        'user_alimit' => $user->lang['fv_number'],
        'user_elimit' => $user->lang['fv_number'],
        'user_ilimit' => $user->lang['fv_number'],
        'user_nlimit' => $user->lang['fv_number'],
        'user_rlimit' => $user->lang['fv_number'])
    );
    
    $fv->is_email_address('user_email', $user->lang['fv_invalid_email']);
    
    $fv->is_filled(array(
        'username' => $user->lang['fv_required_user'],
        'user_email' => $user->lang['fv_required_email'],
        'user_password1' => $user->lang['fv_required_password'],
        'user_password2' => '')
    );
    
    if ( $fv->is_error() )
    {
        $action = 'display';
    }   
}
else
{
    $action = 'display';
}

//
// Mode - Confirm / Deny registration (admin or user)
//
switch ( $mode )
{
    case 'lostpassword':
        $username = ( !empty($_POST['username']) ) ? trim(strip_tags($_POST['username'])) : '';
        $user_email = ( !empty($_POST['user_email']) ) ? trim(strip_tags($_POST['user_email'])) : '';
        
        $sql = 'SELECT user_id, username, user_email, user_active, user_lang
                FROM ' . USERS_TABLE . "
                WHERE user_email='".$user_email."'
                AND username='".$username."'";
        if ( $result = $db->query($sql) )
        {
            if ( $row = $db->fetch_record($result) )
            {
                if ( !$row['user_active'] )
                {
                    message_die($user->lang['error_account_inactive']);
                }
 
                $username = $row['username'];
                
                $user_key = generate_random_string(true);
                $key_len = 54 - (strlen($server_url));
                $key_len = ($key_len > 6) ? $key_len : 6;
    
                $user_key = substr($user_key, 0, $key_len);
                $user_password = generate_random_string(false);
                
                $sql = 'UPDATE ' . USERS_TABLE . "
                        SET user_newpassword='".md5($user_password)."', user_key='".$user_key."'
                        WHERE user_id='".$row['user_id']."'";
                if ( !$db->query($sql) )
                {
                    message_die('Could not update password information', '', __FILE__, __LINE__, $sql);
                }
                
                include_once($eqdkp_root_path . 'includes/class_email.php');
                $email = new EMail;
                
                $headers = "From: " . $eqdkp->config['admin_email'] . "\nReturn-Path: " . $eqdkp->config['admin_email'] . "\r\n";
                
                $email->set_template('user_new_password', $row['user_lang']);
                $email->address($row['user_email']);
                $email->subject();
                $email->extra_headers($headers);
                
                $email->assign_vars(array(
                    'GUILDTAG' => $eqdkp->config['guildtag'],
                    'DKP_NAME' => $eqdkp->config['dkp_name'],
                    'USERNAME' => $row['username'],
                    'DATETIME' => date('m/d/y h:ia T', time()),
                    'IPADDRESS' => $user->ip,
                    'U_ACTIVATE' => $server_url . '?mode=activate&key='.$user_key,
                    'USERNAME' => $row['username'],
                    'PASSWORD' => $user_password)
                );
                $email->send();
                $email->reset();
                
                message_die($user->lang['password_sent']);
            }
            else
            {
                message_die($user->lang['error_invalid_email']);
            }
        }
        else
        {
            message_die('Could not obtain user information', '', __FILE__, __LINE__, $sql);
        }
        break;
    case 'activate':
        $sql = 'SELECT user_id, username, user_active, user_email, user_newpassword, user_lang, user_key
                FROM ' . USERS_TABLE . "
                WHERE user_key='".$_GET['key']."'";
        if ( !($result = $db->query($sql)) )
        {
            message_die('Could not obtain user information', '', __FILE__, __LINE__, $sql);
        }
        if ( $row = $db->fetch_record($result) )
        {
            // If they're already active, just bump them back
            if ( ($row['user_active'] == '1') && ($row['user_key'] == '') )
            {
                message_die($user->lang['error_already_activated']);
            }
            else
            {
                // Update the password if we need to
                $sql_password = ( $row['user_newpassword'] != '' ) ? ", user_password='".remove_quote_escape($row['user_newpassword'])."', user_newpassword=''" : '';
                
                $sql = 'UPDATE ' . USERS_TABLE . "
                        SET user_active='1', user_key=''" . $sql_password . "
                        WHERE user_id='".$row['user_id']."'";
                $db->query($sql);
                
                // E-mail the user if this was activated by the admin
                if ( $eqdkp->config['account_activation'] == USER_ACTIVATION_ADMIN )
                {
                    include_once($eqdkp_root_path . 'includes/class_email.php');
                    $email = new EMail;
                    
                    $headers = "From: " . $eqdkp->config['admin_email'] . "\nReturn-Path: " . $eqdkp->config['admin_email'] . "\r\n";
                    
                    $email->set_template('register_activation_none', $row['user_lang']);
                    $email->address($row['user_email']);
                    $email->subject();
                    $email->extra_headers($headers);
                    
                    $email->assign_vars(array(
                        'GUILDTAG' => $eqdkp->config['guildtag'],
                        'DKP_NAME' => $eqdkp->config['dkp_name'],
                        'USERNAME' => $row['username'],
                        'PASSWORD' => '(encrypted)')
                    );
                    $email->send();
                    $email->reset();
                    
                    $success_message = $user->lang['account_activated_admin'];
                }
                else
                {
                    $tpl->assign_vars(array(
                        'META' => '<meta http-equiv="refresh" content="3;login.php' . $SID . '">')
                    );
                    
                    $success_message = sprintf($user->lang['account_activated_user'], '<a href="login.php' . $SID . '">', '</a>');
                }
                
                message_die($success_message);
            }
        }
        else
        {
            message_die($user->lang['error_invalid_key']);
        }
    default:
        break;
}

//
// Action - Submit registration / Display form
//
switch ( $action )
{
    case 'register':
        $_POST = htmlspecialchars_array($_POST);
        
        // If the config requires account activation, generate a random key for validation
        if ( ($eqdkp->config['account_activation'] == USER_ACTIVATION_SELF) || ($eqdkp->config['account_activation'] == USER_ACTIVATION_ADMIN) )
        {
            $user_key = generate_random_string(true);
            $key_len = 54 - (strlen($server_url));
            $key_len = ($key_len > 6) ? $key_len : 6;

            $user_key = substr($user_key, 0, $key_len);
            $user_active = 0;

            if ($user->data['user_id'] != ANONYMOUS)
            {
                $user->destroy();
            }
        }
        else
        {
            $user_key = '';
            $user_active = 1;
        }
        
        // Insert them into the users table
        $sql = 'INSERT INTO ' . USERS_TABLE . "
                (user_id, username, user_password, user_email, user_alimit, user_elimit, user_ilimit, 
                    user_nlimit, user_rlimit, user_style, user_lang, user_key, user_active, user_lastvisit)
                VALUES ('NULL','".remove_quote_escape($_POST['username'])."','".md5($_POST['user_password1'])."','".remove_quote_escape($_POST['user_email'])."','".$_POST['user_alimit']."','".$_POST['user_elimit']."','".$_POST['user_ilimit']."',
                    '".$_POST['user_nlimit']."','".$_POST['user_rlimit']."','".$_POST['user_style']."','".$_POST['user_lang']."','".$user_key."','".$user_active."','".time()."')";
        if ( !($db->query($sql)) )
        {
            message_die('Could not add user information', '', __FILE__, __LINE__, $sql);
        }
        $user_id = $db->insert_id();
        
        // Insert their permissions into the table
        $sql = 'SELECT auth_id, auth_default
                FROM ' . AUTH_OPTIONS_TABLE . '
                ORDER BY auth_id';
        $result = $db->query($sql);
        while ( $row = $db->fetch_record($result) )
        {
            $au_sql = 'INSERT INTO ' . AUTH_USERS_TABLE . "
                       (user_id, auth_id, auth_setting)
                       VALUES ('".$user_id."','".$row['auth_id']."','".$row['auth_default']."')";
            $db->query($au_sql);
        }
        
        if ($eqdkp->config['account_activation'] == USER_ACTIVATION_SELF)
        {
            $success_message = sprintf($user->lang['register_activation_self'], stripslashes($_POST['user_email']));
            $email_template = 'register_activation_self';
        }
        elseif ($eqdkp->config['account_activation'] == USER_ACTIVATION_ADMIN)
        {
            $success_message = sprintf($user->lang['register_activation_admin'], stripslashes($_POST['user_email']));
            $email_template = 'register_activation_admin';
        }
        else
        {
            $success_message = sprintf($user->lang['register_activation_none'], '<a href="login.php'.$SID.'">', '</a>', stripslashes($_POST['user_email']));
            $email_template = 'register_activation_none';
        }
        
        include_once($eqdkp_root_path . 'includes/class_email.php');
        $email = new EMail;
        
        $headers = "From: " . $eqdkp->config['admin_email'] . "\nReturn-Path: " . $eqdkp->config['admin_email'] . "\r\n";
        
        $email->set_template($email_template, stripslashes($_POST['user_lang']));
        $email->address(stripslashes($_POST['user_email']));
        $email->subject(); // Grabbed from the template itself
        $email->extra_headers($headers);
        
        $email->assign_vars(array(
            'GUILDTAG' => $eqdkp->config['guildtag'],
            'DKP_NAME' => $eqdkp->config['dkp_name'],
            'USERNAME' => stripslashes($_POST['username']),
            'PASSWORD' => stripslashes($_POST['user_password1']),
            'U_ACTIVATE' => $server_url . '?mode=activate&key='.$user_key)
        );
        
        $email->send();
        $email->reset();
        
        // Now email the admin if we need to
        if ( $eqdkp->config['account_activation'] == USER_ACTIVATION_ADMIN )
        {
            $email->set_template('register_activation_admin_activate', $eqdkp->config['default_lang']);
            $email->address($eqdkp->config['admin_email']);
            $email->subject();
            $email->extra_headers($headers);
            
            $email->assign_vars(array(
                'GUILDTAG' => $eqdkp->config['guildtag'],
                'DKP_NAME' => $eqdkp->config['dkp_name'],
                'USERNAME' => stripslashes($_POST['username']),
                'U_ACTIVATE' => $server_url . '?mode=activate&key='.$user_key)
            );
            
            $email->send();
            $email->reset();
        }
        
        message_die($success_message);
        
        break;
    case 'display':
        $tpl->assign_vars(array(
            'F_SETTINGS' => 'register.php'.$SID,
            
            'S_CURRENT_PASSWORD' => false,
            'S_NEW_PASSWORD' => false,
            'S_SETTING_ADMIN' => false,

            'L_REGISTRATION_INFORMATION' => $user->lang['registration_information'],
            'L_REQUIRED_FIELD_NOTE' => $user->lang['required_field_note'],
            'L_USERNAME' => $user->lang['username'],
            'L_EMAIL_ADDRESS' => $user->lang['email_address'],
            'L_PASSWORD' => $user->lang['password'],
            'L_CONFIRM_PASSWORD' => $user->lang['confirm_password'],
            'L_PREFERENCES' => $user->lang['preferences'],
            'L_ADJUSTMENTS_PER_PAGE' => $user->lang['adjustments_per_page'],
            'L_EVENTS_PER_PAGE' => $user->lang['events_per_page'],
            'L_ITEMS_PER_PAGE' => $user->lang['items_per_page'],
            'L_NEWS_PER_PAGE' => $user->lang['news_per_page'],
            'L_RAIDS_PER_PAGE' => $user->lang['raids_per_page'],
            'L_LANGUAGE' => $user->lang['language'],
            'L_STYLE' => $user->lang['style'],
            'L_PREVIEW' => $user->lang['preview'],
            'L_SUBMIT' => $user->lang['submit'],
            'L_RESET' => $user->lang['reset'],

            'USERNAME' => $data['username'],
            'USER_EMAIL' => $data['user_email'],
            'USER_ALIMIT' => $data['user_alimit'],
            'USER_ELIMIT' => $data['user_elimit'],
            'USER_ILIMIT' => $data['user_ilimit'],
            'USER_NLIMIT' => $data['user_nlimit'],
            'USER_RLIMIT' => $data['user_rlimit'],

            'FV_USERNAME' => $fv->generate_error('username'),
            'FV_USER_PASSWORD' => $fv->generate_error('user_password1'),
            'FV_USER_EMAIL' => $fv->generate_error('user_email'),
            'FV_USER_ALIMIT' => $fv->generate_error('user_alimit'),
            'FV_USER_ELIMIT' => $fv->generate_error('user_elimit'),
            'FV_USER_ILIMIT' => $fv->generate_error('user_ilimit'),
            'FV_USER_NLIMIT' => $fv->generate_error('user_nlimit'),
            'FV_USER_RLIMIT' => $fv->generate_error('user_rlimit'))
        );

        if ( $dir = @opendir($eqdkp_root_path . 'language/') )
        {
            while ( $file = @readdir($dir) )
            {
                if ( (!is_file($eqdkp_root_path . 'language/' . $file)) && (!is_link($eqdkp_root_path . 'language/' . $file)) && ($file != '.') && ($file != '..') && ($file != 'CVS') )
                {
                    $tpl->assign_block_vars('lang_row', array(
                        'VALUE' => $file,
                        'SELECTED' => ( $data['user_lang'] == $file ) ? ' selected="selected"' : '',
                        'OPTION' => ucfirst($file))
                    );
                }
            }
        }

        $sql = 'SELECT style_id, style_name
                FROM ' . STYLES_TABLE . '
                ORDER BY style_name';
        $result = $db->query($sql);
        while ( $row = $db->fetch_record($result) )
        {
            $tpl->assign_block_vars('style_row', array(
                'VALUE' => $row['style_id'],
                'SELECTED' => ( $data['user_style'] == $row['style_id'] ) ? ' selected="selected"' : '',
                'OPTION' => $row['style_name'])
            );
        }
        $db->free_result($result);

        $page_title = sprintf($user->lang['title_prefix'], $eqdkp->config['guildtag'], $eqdkp->config['dkp_name']).': ';
        include_once($eqdkp_root_path . 'includes/page_header.php');
        
        $tpl->set_filenames(array(
            'body' => 'settings.html')
        );
        
        include_once($eqdkp_root_path . 'includes/page_tail.php');
        break;
    default:
        break;
}

/**
* Generates a random string for use as a password
* 
* @param $hash Return an md5 hash?
* @return string
*/
function generate_random_string($hash)
{
	$chars = array( 'a', 'A', 'b', 'B', 'c', 'C', 'd', 'D', 'e', 'E', 'f', 'F', 'g', 'G', 'h', 'H', 'i', 'I', 'j', 'J',  'k', 'K', 'l', 'L', 'm', 'M', 'n', 'N', 'o', 'O', 'p', 'P', 'q', 'Q', 'r', 'R', 's', 'S', 't', 'T',  'u', 'U', 'v', 'V', 'w', 'W', 'x', 'X', 'y', 'Y', 'z', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0');

	$max_chars = count($chars) - 1;
	srand( (double) microtime()*1000000);

	$rand_str = '';
	for($i = 0; $i < 8; $i++)
	{
		$rand_str = ( $i == 0 ) ? $chars[rand(0, $max_chars)] : $rand_str . $chars[rand(0, $max_chars)];
	}

	return ( $hash ) ? md5($rand_str) : $rand_str;
}
?>